Index: linux-2.6.15/fs/namespace.c =================================================================== --- linux-2.6.15.orig/fs/namespace.c +++ linux-2.6.15/fs/namespace.c @@ -671,7 +671,7 @@ asmlinkage long sys_umount(char __user * goto dput_and_out; retval = -EPERM; - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT)) + if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT)) goto dput_and_out; retval = do_umount(nd.mnt, flags); @@ -695,9 +695,7 @@ asmlinkage long sys_oldumount(char __use static int mount_is_safe(struct nameidata *nd) { - if (capable(CAP_SYS_ADMIN)) - return 0; - if (vx_ccaps(VXC_SECURE_MOUNT)) + if (vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT)) return 0; return -EPERM; #ifdef notyet @@ -989,7 +987,7 @@ static int do_remount(struct nameidata * int err; struct super_block *sb = nd->mnt->mnt_sb; - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_REMOUNT)) + if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_REMOUNT)) return -EPERM; if (!check_mnt(nd->mnt)) @@ -1023,7 +1021,7 @@ static int do_move_mount(struct nameidat struct nameidata old_nd, parent_nd; struct vfsmount *p; int err = 0; - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT)) + if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT)) return -EPERM; if (!old_name || !*old_name) return -EINVAL; @@ -1103,7 +1101,7 @@ static int do_new_mount(struct nameidata return -EINVAL; /* we need capabilities... */ - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT)) + if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT)) return -EPERM; mnt = do_kern_mount(type, flags, name, data); @@ -1421,7 +1419,7 @@ int copy_namespace(int flags, struct tas if (!(flags & CLONE_NEWNS)) return 0; - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SECURE_MOUNT)) { + if (!vx_capable(CAP_SYS_ADMIN, VXC_SECURE_MOUNT)) { put_namespace(namespace); return -EPERM; } Index: linux-2.6.15/fs/quota.c =================================================================== --- linux-2.6.15.orig/fs/quota.c +++ linux-2.6.15/fs/quota.c 
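Review bot: Nothing at the converted call sites in fs/namespace.c (sys_umount, mount_is_safe, do_remount, do_move_mount, do_new_mount, copy_namespace) says that the context-capability route is now narrower. With the macro added in the vs_base.h hunk, `VXC_SECURE_MOUNT` / `VXC_SECURE_REMOUNT` only help a task whose `current->euid` is 0, where the old `!capable(...) && !vx_ccaps(...)` test accepted any uid in the context. The existing `/* we need capabilities... */` comment in do_new_mount could carry this, e.g. `/* need CAP_SYS_ADMIN, or euid 0 in a context holding VXC_SECURE_MOUNT */`. The same silent tightening applies to the hunks in fs/quota.c, fs/super.c, kernel/sys.c and security/commoncap.c, and belongs in the patch description, because non-root tools inside a context that relied on the context bit will start getting -EPERM. All of these function bodies continue outside their hunks.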
@@ -83,11 +83,11 @@ static int generic_quotactl_valid(struct if (cmd == Q_GETQUOTA) { if (((type == USRQUOTA && current->euid != id) || (type == GRPQUOTA && !in_egroup_p(id))) && - !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL)) + !vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL)) return -EPERM; } else if (cmd != Q_GETFMT && cmd != Q_SYNC && cmd != Q_GETINFO) - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL)) + if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL)) return -EPERM; return 0; @@ -134,10 +134,10 @@ static int xqm_quotactl_valid(struct sup if (cmd == Q_XGETQUOTA) { if (((type == XQM_USRQUOTA && current->euid != id) || (type == XQM_GRPQUOTA && !in_egroup_p(id))) && - !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL)) + !vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL)) return -EPERM; } else if (cmd != Q_XGETQSTAT && cmd != Q_XQUOTASYNC) { - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_QUOTA_CTL)) + if (!vx_capable(CAP_SYS_ADMIN, VXC_QUOTA_CTL)) return -EPERM; } Index: linux-2.6.15/fs/super.c =================================================================== --- linux-2.6.15.orig/fs/super.c +++ linux-2.6.15/fs/super.c @@ -815,7 +815,7 @@ do_kern_mount(const char *fstype, int fl sb = ERR_PTR(-EPERM); if ((type->fs_flags & FS_BINARY_MOUNTDATA) && - !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_BINARY_MOUNT)) + !vx_capable(CAP_SYS_ADMIN, VXC_BINARY_MOUNT)) goto out; sb = ERR_PTR(-ENOMEM); Index: linux-2.6.15/include/linux/vs_base.h =================================================================== --- linux-2.6.15.orig/include/linux/vs_base.h +++ linux-2.6.15/include/linux/vs_base.h 
@@ -98,6 +98,9 @@ static inline int __vx_check(xid_t cid, (current->vx_info && \ (current->vx_info->vx_initpid == (n))) +#define vx_capable(b,c) (capable(b) || \ + ((current->euid == 0) && vx_ccaps(c))) + #else #warning duplicate inclusion Index: linux-2.6.15/kernel/sys.c =================================================================== --- linux-2.6.15.orig/kernel/sys.c +++ linux-2.6.15/kernel/sys.c @@ -1531,7 +1531,7 @@ asmlinkage long sys_sethostname(char __u int errno; char tmp[__NEW_UTS_LEN]; - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SET_UTSNAME)) + if (!vx_capable(CAP_SYS_ADMIN, VXC_SET_UTSNAME)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) return -EINVAL; @@ -1580,7 +1580,7 @@ asmlinkage long sys_setdomainname(char _ int errno; char tmp[__NEW_UTS_LEN]; - if (!capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SET_UTSNAME)) + if (!vx_capable(CAP_SYS_ADMIN, VXC_SET_UTSNAME)) return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) return -EINVAL; @@ -1648,7 +1648,7 @@ asmlinkage long sys_setrlimit(unsigned i return -EINVAL; old_rlim = current->signal->rlim + resource; if ((new_rlim.rlim_max > old_rlim->rlim_max) && - !capable(CAP_SYS_RESOURCE) && !vx_ccaps(VXC_SET_RLIMIT)) + !vx_capable(CAP_SYS_RESOURCE, VXC_SET_RLIMIT)) return -EPERM; if (resource == RLIMIT_NOFILE && new_rlim.rlim_max > NR_OPEN) return -EPERM; Index: linux-2.6.15/security/commoncap.c =================================================================== --- linux-2.6.15.orig/security/commoncap.c +++ linux-2.6.15/security/commoncap.c @@ -312,7 +312,7 @@ void cap_task_reparent_to_init (struct t int cap_syslog (int type) { if ((type != 3 && type != 10) && - !capable(CAP_SYS_ADMIN) && !vx_ccaps(VXC_SYSLOG)) + !vx_capable(CAP_SYS_ADMIN, VXC_SYSLOG)) return -EPERM; return 0; } Index: linux-2.6.15/security/security.c =================================================================== --- linux-2.6.15.orig/security/security.c +++ linux-2.6.15/security/security.c 
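Review bot: The new `vx_capable(b,c)` macro in include/linux/vs_base.h keeps the name of the function this patch deletes from security/security.c and include/linux/sched.h, but not its rule. The deleted function granted only when the system capability and the context capability were both present, while the macro grants on `capable(b)` alone, or on euid 0 plus `vx_ccaps(c)`. Any caller of the old function that this patch does not convert (none is visible here) would silently move to the weaker check, so the tree should be searched for remaining uses before this is applied. The context branch also does not set `PF_SUPERPRIV`, which the deleted function did on every grant, so a privileged operation allowed through that branch will presumably go unmarked wherever that flag is consumed. A comment above the macro such as `/* true if the task has system capability b, or is euid 0 in a context holding ccap c */` would record the intended rule.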
@@ -197,24 +197,10 @@ int capable(int cap) return 1; } -int vx_capable(int cap, int ccap) -{ - if (security_ops->capable(current, cap)) { - /* capability denied */ - return 0; - } - if (!vx_ccaps(ccap)) - return 0; - - /* capability granted */ - current->flags |= PF_SUPERPRIV; - return 1; -} EXPORT_SYMBOL_GPL(register_security); EXPORT_SYMBOL_GPL(unregister_security); EXPORT_SYMBOL_GPL(mod_reg_security); EXPORT_SYMBOL_GPL(mod_unreg_security); EXPORT_SYMBOL(capable); -EXPORT_SYMBOL(vx_capable); EXPORT_SYMBOL(security_ops); Index: linux-2.6.15/include/linux/sched.h =================================================================== --- linux-2.6.15.orig/include/linux/sched.h +++ linux-2.6.15/include/linux/sched.h @@ -1125,7 +1125,6 @@ static inline int sas_ss_flags(unsigned #ifdef CONFIG_SECURITY /* code is in security.c */ extern int capable(int cap); -extern int vx_capable(int cap, int ccap); #else static inline int capable(int cap) { @@ -1137,16 +1136,6 @@ static inline int capable(int cap) } return 0; } - -static inline int vx_capable(int cap, int ccap) -{ - if (cap_raised(current->cap_effective, cap) && - vx_ccaps(ccap)) { - current->flags |= PF_SUPERPRIV; - return 1; - } - return 0; -} #endif /*